HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Displaying articles for: May 2014

HP Security Briefing, episode 13 – The art and near-science of threat modeling

In this month’s briefing, we give an overview of the threat-modeling landscape – what it affects, how it got this way, what the current notable conditions are, and how to introduce the pertinent concepts to your organization.

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 30, 2014

It's time for the May 30th list of HP Security Research OSINT articles of interest! This is a list of publicly available articles that we find relevant in today's security news.

Labels: HP| security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 23, 2014

It's the May 23rd edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find relevant in today’s security news.

Labels: HP| security

Technical Analysis of CVE-2014-0515 Adobe Flash Player Exploit

At the end of April, Kaspersky reported an ITW exploit that was abusing an Adobe Flash Player zero-day vulnerability at the time (CVE-2014-0515). The vulnerability was known to be inside the Pixel Bender parser in Adobe Flash Player. I had time to look deeper into how the vulnerability works and how control of the code is acquired using this vulnerability.

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 16, 2014

It's that time of the week! Welcome to the May 16th list of HP Security Research OSINT articles of interest.

Labels: HP| security

The mechanism behind Internet Explorer CVE-2014-1776 exploits

Recently Microsoft patched an Internet Explorer use-after-free bug (CVE-2014-1776) that was being exploited in the wild. Since then I’ve seen several reports of new variants based on the original exploit appearing ITW. Let’s look deep inside the exploitation mechanism to see how it works to make a use-after-free execute shellcode.

What should be the optimal crypto-strength for CryptoLocker?

It is easy to say that the perpetrators of malware, such as CryptoLocker, are bad people. However, one could also say that the same perpetrators have a pretty good grasp of how to deploy industrial-strength cryptography. But is everything optimal? Could there be such a thing as cryptography that is too strong? Could there be some valid reason to use less strong encryption intentionally?

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 9, 2014

Welcome to the May 9th edition of the HP Security Research OSINT News Feed--a list of publicly available articles that we find relevant in today's security news!

Labels: HP| security

Double-Dip: Using the latest IE 0-day to get RCE and an ASLR Bypass

Could the latest 0-day used in the wild be stealthier?

The attack discovered last week used two vulnerabilities, but it could have been stealthier. A bug was exploited in Flash to bypass ASLR and another in IE to gain RCE. ZDI's research proved that the IE bug can be exploited to bypass ASLR+DEP without using a Flash bug.

Labels: 0day| ASLR| DEP| exploit| IE| IE0day| ZDI

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 05, 2014

Welcome to the May 5th edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find interesting in today’s security news.

Labels: HP| security

.NET malware: De-obfuscation, decryption and debugging - tips and tricks.

.NET technology is becoming increasingly prevalent and more widely accepted. It can be found powering not just large back-end infrastructures but also a broad class of mobile and embedded devices. However, with its many multi-platform advantages, the .NET framework is also becoming more and more lucrative for malware writers. To deal with the "apparent" openness of .NET binaries, various technologies have emerged, and they keep evolving, to obfuscate and complicate analysis of malware samples.

Protect your Struts1 applications

Since the last post on how to mitigate the Struts 2 zero day in the wild, we have received many queries from customers wondering if their legacy Struts 1 applications were also vulnerable to this same attack. Keep reading ...

Labels: 0day| Struts1
About the Author(s)
  • Head of OpSec Research
  • I joined HP in 2014 and am currently a Sr. Security Content Developer within HP Security Research. In this role, I write and edit security analysis and supporting content from researchers.
  • Kernelsmith is a senior vulnerability researcher with Hewlett-Packard Security Research (HPSR). In this role, he analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero-Day Initiative (ZDI) program. He also tries to automate whenever he can, pulling from the devops and virtualization arenas. Josh is also a developer for the Metasploit Framework, has spoken at a few conferences, and holds a few certifications. Prior to joining HP, Smith served in the U.S. Air Force for 10 years and subsequently became a security engineer at the Johns Hopkins University Applied Physics Laboratory. Smith performed research into weapons systems vulnerabilities as well as evasion and obfuscation techniques to add depth and realism to security device tests. Smith received a B.S. in Aeronautical Engineering from Rensselaer Polytechnic Institute and an M.A. in Management of Information Systems from the University of Great Falls.
  • Security Researcher, Software Security Research
  • Security Researcher, Zero Day Initiative
  • Steve Povolny manages the Digital Vaccine team at HP TippingPoint. The team is composed of security researchers and filter/signature developers for the Intrusion Prevention System.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.